Amendment to the Claims

1. (currently amended) A process for a simplified access control language that controls
access to directory entries in a computer environment, comprising the steps of:

[[providing]] a system administrator [[defined]] creating a read access control list (ACL)
command for a user[[;]], wherein said [[said system administrator defined]] read access
control list command [[listing]] lists a set of Lightweight Directory Access Protocol (LDAP)
user attributes that are [[selected]] created and controlled by said administrator;

said user applying said read access control list command by listing [[selecting]] a
subset from said system administrator defined LDAP user attributes for [[allowing]]
authorizing [[user defined]] read access to said subset of user attributes to one or more
other users[[;]], and by listing [[providing a user defined access control command
attribute read list containing]] user identifications of said one or more other users such
that said one or more other users are [[allowed]] authorized to have read access to said
[[user defined]] subset of said system administrator defined LDAP user attributes; [[and]]

storing said read access control list command in a directory, said directory
containing said user attributes; and

responsive to one or more other users accessing any of said user attributes in
said directory, said read access control list command referring to said [[user defined read]]
list of user identifications at runtime thereby allowing said [[read user identifications]] one
or more other users read access to said system administrator defined LDAP user
attributes[[;]].

[[wherein said read access control command resides in a directory containing said
LDAP attributes.]]

2. (original) The process of Claim 1, wherein upon a client read access, the directory
server selects a specific read access control command according to the attribute being
accessed and refers to the read list of the owner of the attribute being accessed to
determine if said client has permission to execute said read access.

3. (original) The process of Claim 1, further comprising the steps of:

providing a user defined write list containing user identifications that are allowed
to write a specified set of attributes;

providing a system administrator defined write access control command;

said write access control command listing the user attributes that said
administrator has selected for user defined write access; and

said write access control command referring to said user defined write list
thereby allowing said write user identifications write access to said user attributes.

4. (original) The process of Claim 3, wherein upon a client write access, the directory
server selects a specific write access control command according to the attribute being
accessed and refers to the write list of the owner of the attribute being accessed to
determine if said client has permission to execute said write access.

5. (currently amended) A process for a simplified access control language that controls
access to directory entries in a computer environment, comprising the steps of:

[[providing for a user]] a system administrator creating a [[defined]] read access
control list (ACL) command that lists Lightweight Directory Access Protocol (LDAP) user
attributes that said administrator has [[selected]] created for user defined read access,
said user selecting a subset of [[user defined]] said LDAP user attributes from said list for
read access to one or more other users;

[[providing for a user]] a system administrator creating a [[defined]] write access
control list (ACL) command that lists Lightweight Directory Access Protocol (LDAP) user
attributes that said administrator has [[selected]] created for user defined write access,
said user selecting a subset of [[user defined]] said LDAP user attributes from said list for
write access to one or more other users;

providing a plurality of user defined access control list command attribute read
lists containing user identifications of said one or more other users that are allowed to
read said user defined subset from said LDAP user attributes that said administrator
has [[selected]] created for user defined read access; [[and]]

providing a plurality of user defined access control list command attribute write
lists containing user identifications of said one or more other users that are allowed to
write said user defined subset from said LDAP user attributes that said administrator
has [[selected]] created for user defined write access; and

[[wherein]] storing said read access control list command and said write access
control list command reside in a directory containing said LDAP user attributes;

wherein [[when a client]] responsive to one or more other users requesting read
access to one of the LDAP user attributes [[that said administrator has selected for user
defined read access occurs]], applying said read access control list command and the
read list of the owner of the attribute being accessed [[are used]] to determine if said [[client]]
one or more other users has permission to execute said read access; and

wherein [[when a client]] responsive to one or more other users requesting write
access to one of the LDAP user attributes [[that said administrator has selected for user
defined write access occurs]], applying said write access control list command and the
write list of the owner of the attribute being accessed [[are used]] to determine if said [[client]]
one or more other users has permission to execute said write access.

6. (currently amended) A process for a simplified access control language that controls
access to directory entries in a computer environment, comprising the steps of:

[[providing]] a system administrator [[defined]] creating a write access control list
(ACL) command for a user[[;]], wherein said [[said system administrator defined]] write
access control list command [[listing]] lists a set of Lightweight Directory Access Protocol
(LDAP) user attributes that are [[selected]] created and controlled by said administrator;

said user applying said write access control list command by listing [[selecting]] a
subset from said system administrator defined LDAP user attributes for [[allowing]]
authorizing [[user defined]] write access to said subset of user attributes to one or more
other users[[;]], and by listing [[providing a user defined access control command
attribute write list containing]] user identifications of said one or more other users such
that said one or more other users [[that]] are [[allowed]] authorized to have write access to
said [[user defined]] subset of said system administrator defined LDAP user attributes; [[and]]

storing said write access control list command in a directory, said directory
containing said user attributes; and

responsive to one or more other users accessing any of said user attributes in
said directory, said write access control list command referring to said [[user defined write]]
list of user identifications at runtime thereby allowing said [[write user identifications]] one
or more other users write access to said system administrator defined LDAP user
attributes[[;]]

[[wherein said write access control command resides in a directory containing said
LDAP attributes.]]

7. (original) The process of Claim 6, wherein upon a client write access, the directory
server selects a specific write access control command according to the attribute being
accessed and refers to the write list of the owner of the attribute being accessed to
determine if said client has permission to execute said write access.

8. (original) The process of Claim 6, further comprising the steps of:

providing a user defined read list containing user identifications that are allowed
to read a specified set of attributes; and

providing a system administrator defined read access control command;

wherein said read access control command lists the user attributes that said
administrator has selected for user defined read access; and

wherein said read access control command refers to said user defined read list thereby
allowing said read user identifications read access to said user attributes.

9. (original) The process of Claim 8, wherein upon a client read access, the directory
server selects a specific read access control command according to the attribute being
accessed and refers to the read list of the owner of the attribute being accessed to
determine if said client has permission to execute said read access.

10. (currently amended) An apparatus for a simplified access control language that
controls access to directory entries in a computer environment, comprising:

means for a system administrator [[defined]] creating a read access control list
(ACL) command for a user[[;]], wherein said [[means for said system administrator defined]]
read access control list command [[listing]] lists a set of Lightweight Directory Access
Protocol (LDAP) user attributes that are [[selected]] created and controlled by said
administrator;

means for said user applying said read access control list command by listing
[[selecting]] a subset from said system administrator defined LDAP user attributes for
[[allowing]] authorizing [[user defined]] read access to said subset of user attributes to one or
more other users[[;]], and by listing [[a user defined access control command attribute read
list containing]] user identifications of said one or more other users such that said one or
more other users [[that]] are [[allowed]] authorized to have read access to said [[user defined]]
subset of said system administrator defined LDAP user attributes; [[and]]

means for storing said read access control list command in a directory, said
directory containing said user attributes; and

responsive to one or more other users accessing any of said user attributes in
said directory, means for said read access control list command referring to said [[user
defined read]] list of user identifications at runtime thereby allowing said [[read user
identifications]] one or more other users read access to said system administrator defined
LDAP user attributes[[;]]

[[wherein said read access control command resides in a directory containing said
LDAP user attributes.]]

11. (original) The apparatus of Claim 10, wherein upon a client read access, the
directory server selects a specific read access control command according to the
attribute being accessed and refers to the read list of the owner of the attribute being
accessed to determine if said client has permission to execute said read access.

12. (original) The apparatus of Claim 10, further comprising:

a user defined write list containing user identifications that are allowed to write a
specified set of attributes; and

a system administrator defined write access control command;

wherein said write access control command lists the user attributes that said
administrator has selected for user defined write access; and

wherein said write access control command refers to said user defined write list
thereby allowing said write user identifications write access to said user attributes.

13. (original) The apparatus of Claim 12, wherein upon a client write access, the
directory server selects a specific write access control command according to the
attribute being accessed and refers to the write list of the owner of the attribute being
accessed to determine if said client has permission to execute said write access.

14. (currently amended) An apparatus for a simplified access control language that
controls access to directory entries in a computer environment, comprising:

means for a system administrator creating a [[defined]] read access control list
(ACL) command for a user that lists Lightweight Directory Access Protocol (LDAP) user
attributes that said administrator has [[selected]] created for user defined read access,
said user selecting a subset of [[user defined]] said LDAP user attributes from said list for
read access to one or more other users;

means for a system administrator creating a [[defined]] write access control list
(ACL) command for a user that lists LDAP user attributes that said administrator has
[[selected]] created for user defined write access, said user selecting a subset of [[user
defined]] said LDAP user attributes from said list for write access to one or more other
users;

a plurality of user defined access control list command attribute read lists
containing user identifications of said one or more other users that are allowed to read
said user defined subset from said LDAP user attributes that said administrator has
[[selected]] created for user defined read access; [[and]]

a plurality of user defined access control list command attribute write lists
containing user identifications of said one or more other users that are allowed to write
said user defined subset from said LDAP user attributes that said administrator has
[[selected]] created for user defined write access; and

[[wherein]] storing said read access control list command and said write access
control list command reside in a directory containing said LDAP user attributes;

wherein [[when a client]] responsive to one or more other users requesting read
access to one of the LDAP user attributes [[that said administrator has selected for user
defined read access occurs]], applying said read access control list command and the
read list of the owner of the attribute being accessed [[are used]] to determine if said [[client]]
one or more other users has permission to execute said read access; and

wherein [[when a client]] responsive to one or more other users requesting write
access to one of the LDAP user attributes [[that said administrator has selected for user
defined write access occurs]], applying said write access control list command and the
write list of the owner of the attribute being accessed [[are used]] to determine if said [[client]]
one or more other users has permission to execute said write access.

15. (currently amended) An apparatus for a simplified access control language that
controls access to directory entries in a computer environment, comprising:

means for a system administrator [[defined]] creating a write access control list
(ACL) command for a user[[;]], wherein said [[means for said system administrator defined]]
write access control list command [[listing]] lists a set of Lightweight Directory Access
Protocol (LDAP) user attributes that are [[selected]] created and controlled by said
administrator;

means for said user applying said write access control list command by listing
[[selecting]] a subset from said system administrator defined LDAP user attributes for
[[allowing]] authorizing [[user defined]] write access to said subset of user attributes to one or
more other users[[;]], and by listing [[a user defined access control command attribute write
list containing]] user identifications of said one or more other users such that said one or
more other users [[that]] are [[allowed]] authorized to have write access to said [[user defined]]
subset of said system administrator defined LDAP user attributes;

means for storing said write access control list command in a directory, said
directory containing said user attributes; and

responsive to one or more other users accessing any of said user attributes in
said directory, means for said write access control list command referring to said [[user
defined write]] list of user identifications at runtime thereby allowing said [[write user
identifications]] one or more other users write access to said system administrator
defined LDAP user attributes[[;]]

[[wherein said write access control command resides in a directory containing said
LDAP user attributes.]]

16. (original) The apparatus of Claim 15, wherein upon a client write access, the
directory server selects a specific write access control command according to the
attribute being accessed and refers to the write list of the owner of the attribute being
accessed to determine if said client has permission to execute said write access.

17. (original) The apparatus of Claim 15, further comprising:

a user defined read list containing user identifications that are allowed to read a
specified set of attributes;

a system administrator defined read access control command;

wherein said read access control command lists the user attributes that said
administrator has selected for user defined read access; and

wherein said read access control command refers to said user defined read list thereby
allowing said read user identifications read access to said user attributes.

18. (original) The apparatus of Claim 17, wherein upon a client read access, the
directory server selects a specific read access control command according to the
attribute being accessed and refers to the read list of the owner of the attribute being
accessed to determine if said client has permission to execute said read access.

19. (currently amended) A program storage medium readable by a computer, tangibly
embodying a program of instructions executable by the computer to perform method
steps for a simplified access control language that controls access to directory entries in
a computer environment, comprising the steps of:

[[providing]] a system administrator [[defined]] creating a read access control list (ACL)
command for a user[[;]], wherein said [[said system administrator defined]] read access
control list command [[listing]] lists a set of Lightweight Directory Access Protocol (LDAP)
user attributes that are [[selected]] created and controlled by said administrator;

said user applying said read access control list command by listing [[selecting]] a
subset from said system administrator defined LDAP user attributes for [[allowing]]
authorizing [[user defined]] read access to said subset of user attributes to one or more
other users[[;]], and by listing [[providing a user defined access control command
attribute read list containing]] user identifications of said one or more other users such
that said one or more other users [[that]] are [[allowed]] authorized to have read access to
said [[user defined]] subset of said system administrator defined LDAP user attributes; [[and]]

storing said read access control list command in a directory, said directory
containing said user attributes; and

responsive to one or more other users accessing any of said user attributes in
said directory, said read access control list command referring to said [[user defined read]]
list of user identifications at runtime thereby allowing said [[read user identifications]] one
or more other users read access to said system administrator defined LDAP user
attributes[[;]]

[[wherein said read access control command resides in a directory containing said
LDAP attributes.]]

20. (original) The method of Claim 19, wherein upon a client read access, the directory
server selects a specific read access control command according to the attribute being
accessed and refers to the read list of the owner of the attribute being accessed to
determine if said client has permission to execute said read access.

21. (original) The method of Claim 19, further comprising the steps of:

providing a user defined write list containing user identifications that are allowed
to write a specified set of attributes;

providing a system administrator defined write access control command;

said write access control command listing the user attributes that said
administrator has selected for user defined write access; and

said write access control command referring to said user defined write list
thereby allowing said write user identifications write access to said user attributes.

22. (original) The method of Claim 21, wherein upon a client write access, the directory
server selects a specific write access control command according to the attribute being
accessed and refers to the write list of the owner of the attribute being accessed to
determine if said client has permission to execute said write access.

23. (currently amended) A program storage medium readable by a computer, tangibly
embodying a program of instructions executable by the computer to perform method
steps for a simplified access control language that controls access to directory entries in
a computer environment, comprising the steps of:

[[providing for a user]] a system administrator creating a [[defined]] read access
control list (ACL) command that lists Lightweight Directory Access Protocol (LDAP) user
attributes that said administrator has [[selected]] created for user defined read access,
said user selecting a subset of [[user defined]] said LDAP user attributes from said list for
read access to one or more other users;

[[providing for a user]] a system administrator creating a [[defined]] write access
control list (ACL) command that lists Lightweight Directory Access Protocol (LDAP) user
attributes that said administrator has [[selected]] created for user defined write access,
said user selecting a subset of [[user defined]] said LDAP user attributes from said list for
write access to one or more other users;

providing a plurality of user defined access control list command attribute read
lists containing user identifications of said one or more other users that are allowed to
read said user defined subset from said LDAP user attributes that said administrator
has [[selected]] created for user defined read access; [[and]]

providing a plurality of user defined access control list command attribute write
lists containing user identifications of said one or more other users that are allowed to
write said user defined subset from said LDAP user attributes that said administrator
has [[selected]] created for user defined write access; and

[[wherein]] storing said read access control list command and said write access
control list command reside in a directory containing said LDAP user attributes;

wherein [[when a client]] responsive to one or more other users requesting read
access to one of the LDAP user attributes [[that said administrator has selected for user
defined read access occurs]], applying said read access control list command and the
read list of the owner of the attribute being accessed [[are used]] to determine if said [[client]]
one or more other users has permission to execute said read access; and

wherein [[when a client]] responsive to one or more other users requesting write
access to one of the LDAP user attributes [[that said administrator has selected for user
defined write access occurs]], applying said write access control list command and the
write list of the owner of the attribute being accessed [[are used]] to determine if said [[client]]
one or more other users has permission to execute said write access.

24. (currently amended) A program storage medium readable by a computer, tangibly
embodying a program of instructions executable by the computer to perform method
steps for a simplified access control language that controls access to directory entries in
a computer environment, comprising the steps of:

[[providing]] a system administrator [[defined]] creating a write access control list
(ACL) command for a user[[;]], wherein said [[said system administrator defined]] write
access control list command [[listing]] lists a set of Lightweight Directory Access Protocol
(LDAP) user attributes that are [[selected]] created and controlled by said administrator;

said user applying said write access control list command by listing [[selecting]] a
subset from said system administrator defined LDAP user attributes for [[allowing]]
authorizing [[user defined]] write access to said subset of user attributes to one or more
other users[[;]], and by listing [[providing a user defined access control command
attribute write list containing]] user identifications of said one or more other users such
that said one or more other users [[that]] are [[allowed]] authorized to have write access to
said [[user defined]] subset of said system administrator defined LDAP user attributes; [[and]]

storing said write access control list command in a directory, said directory
containing said user attributes; and

responsive to one or more other users accessing any of said user attributes in
said directory, said write access control list command referring to said [[user defined write]]
list of user identifications at runtime thereby allowing said [[write user identifications]] one
or more other users write access to said system administrator defined LDAP user
attributes[[;]]

[[wherein said write access control command resides in a directory containing said
LDAP attributes.]]

25. (original) The method of Claim 24, wherein upon a client write access, the directory
server selects a specific write access control command according to the attribute being
accessed and refers to the write list of the owner of the attribute being accessed to
determine if said client has permission to execute said write access.

26. (original) The method of Claim 24, further comprising the steps of:

providing a user defined read list containing user identifications that are allowed to
read a specified set of attributes; and

providing a system administrator defined read access control command;

wherein said read access control command lists the user attributes that said
administrator has selected for user defined read access; and

wherein said read access control command refers to said user defined read list
thereby allowing said read user identifications read access to said user attributes.

27. (original) The method of Claim 26, wherein upon a client read access, the directory
server selects a specific read access control command according to the attribute being
accessed and refers to the read list of the owner of the attribute being accessed to
determine if said client has permission to execute said read access.
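
The runtime check recited in claims 2 and 4 (the directory server selects the access control command by the attribute being accessed, then consults the owner's list), modelled in memory as an added illustration that is not part of the application or of any directory server's code. The class names, the `readList`/`writeList` names and the sample entry are assumptions; the owner's own access is outside this model.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class AclCommand:
    """ACL command created by the administrator and stored in the directory."""
    operation: str           # "read" or "write"
    attributes: frozenset    # attributes the administrator opens to owner delegation
    list_name: str           # hypothetical name of the owner-side list it refers to


@dataclass
class Entry:
    owner: str
    attributes: dict
    # list_name -> attribute -> user ids the owner has authorized
    user_lists: dict = field(default_factory=dict)


class Directory:
    def __init__(self):
        self.acls = []       # ACL commands live in the same store as the entries
        self.entries = {}

    def select_acl(self, operation, attribute):
        """Pick the ACL command that governs this operation on this attribute."""
        for acl in self.acls:
            if acl.operation == operation and attribute in acl.attributes:
                return acl
        return None

    def grant(self, owner, operation, attribute, user_ids):
        """Owner lists an attribute and the other users authorized for it."""
        acl = self.select_acl(operation, attribute)
        if acl is None:
            # Owners may only delegate attributes the administrator listed.
            raise PermissionError(f"{attribute!r} is not delegable for {operation}")
        lists = self.entries[owner].user_lists.setdefault(acl.list_name, {})
        lists.setdefault(attribute, set()).update(user_ids)

    def is_authorized(self, client, operation, owner, attribute):
        """Runtime check for another user's request; the default is deny."""
        acl = self.select_acl(operation, attribute)
        if acl is None:
            return False
        allowed = self.entries[owner].user_lists.get(acl.list_name, {})
        return client in allowed.get(attribute, set())

    def read(self, client, owner, attribute):
        if not self.is_authorized(client, "read", owner, attribute):
            raise PermissionError(f"{client} may not read {owner}.{attribute}")
        return self.entries[owner].attributes[attribute]

    def write(self, client, owner, attribute, value):
        if not self.is_authorized(client, "write", owner, attribute):
            raise PermissionError(f"{client} may not write {owner}.{attribute}")
        self.entries[owner].attributes[attribute] = value


def build_demo():
    """Constructed sample directory: one owner (alice) and two other users."""
    d = Directory()
    d.acls.append(AclCommand("read", frozenset({"mail", "telephoneNumber"}), "readList"))
    d.acls.append(AclCommand("write", frozenset({"telephoneNumber"}), "writeList"))
    d.entries["alice"] = Entry("alice", {"mail": "alice@example.com",
                                         "telephoneNumber": "555-0100",
                                         "userPassword": "{constructed}"})
    # alice selects a subset of the administrator's attributes and names the users
    d.grant("alice", "read", "telephoneNumber", {"bob"})
    d.grant("alice", "write", "telephoneNumber", {"carol"})
    return d


if __name__ == "__main__":
    demo = build_demo()
    print(demo.read("bob", "alice", "telephoneNumber"))
    print(demo.is_authorized("bob", "read", "alice", "mail"))
```

Read and write grants are held in separate lists, so a user the owner lists for write access is not thereby able to read, and an attribute the administrator never listed cannot be delegated by the owner at all.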